mposolda
a7f57c7e23
KEYCLOAK-9021
2018-12-12 07:09:14 +01:00
mposolda
10eb13854e
KEYCLOAK-9028 Fix another NPE in Cors debug logging
2018-12-11 21:24:32 +01:00
Hynek Mlnarik
cea9e877ad
KEYCLOAK-9036 Fix NPE
2018-12-11 15:35:19 +01:00
MICHEL Arnault (UA 2118)
3f13df81ab
[KEYCLOAK-8580] Fixes and log improvements :
...
- fix buildChain method (return value)
- method setJVMDebuggingForCertPathBuilder removed as it doesn't output anything in server.log
- Performance : don't reload truststore on each authentication request
- Don't generate stacktrace while detecting intermediate CA's
- review log levels and messages : no log if
- log if truststore is not properly configured in standalone[-ha].xml
2018-12-10 13:58:58 +01:00
Hynek Mlnarik
dad12635f6
KEYCLOAK-9014 Fix displayed applications
2018-12-10 09:59:46 +01:00
Pedro Igor
0c39eda8d2
[KEYCLOAK-8237] - Openshift Client Storage
2018-12-06 10:57:53 -02:00
Hynek Mlnarik
27f145969f
KEYCLOAK-7936 Prevent registration of the same node
...
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
Pedro Igor
e798c3bca2
[KEYCLOAK-8901] - Identity Provider : UserInfo response as JWT Token not supported
2018-12-05 09:28:12 -02:00
Pedro Igor
4355c89b9d
[KEYCLOAK-7365] - No need to check roles when refreshing tokens
2018-11-29 08:51:25 -02:00
rmartinc
1b37394276
KEYCLOAK-7242: LDAPS not working with truststore SPI and connection timeout
2018-11-29 11:21:46 +01:00
mposolda
6db1f60e27
KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs
2018-11-21 21:51:32 +01:00
Cédric Couralet
dc06a8cee3
Fix KEYCLOAK-8832 ( #5735 )
...
Avoid NullPointerException when browser sends "Origin" header and
allowedOrigin is null. This happens on chrome with admin console
2018-11-19 17:53:05 +01:00
Stian Thorgersen
f3bf1456ab
KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features were not enabled in preview mode. ( #5738 )
2018-11-19 17:32:21 +01:00
Hynek Mlnarik
548950ed8e
KEYCLOAK-8756 Consider also required actions of AuthenticationSession
2018-11-19 16:04:43 +01:00
Marek Posolda
f67d6f9660
KEYCLOAK-8482 Access token should never contain azp as an audience ( #5719 )
2018-11-19 14:38:41 +01:00
Stian Thorgersen
3756cf629b
KEYCLOAK-7081 Fixes for manual/qr mode switches on login config otp page ( #5717 )
2018-11-19 14:32:28 +01:00
Takashi Norimatsu
0793234c19
KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 ( #5603 )
...
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
also support client signed signature verification by refactored token
verification mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
incorporate feedbacks and refactor client public key loading mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
unsigned request object not allowed
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
revert to re-support "none"
2018-11-19 14:28:32 +01:00
Hynek Mlnarik
461dae20de
KEYCLOAK-8731 Ensure password history is kept in line with password policy
2018-11-19 12:48:51 +01:00
mposolda
0533782d90
KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB
2018-11-16 14:23:28 +01:00
Stan Silvert
0b36020bf5
KEYCLOAK-8759: Wrong RH-SSO name on Welcome Page
2018-11-15 13:00:55 -05:00
Leon Graser
85f11873c3
KEYCLOAK-8613 Group Membership Pagination
2018-11-15 17:54:07 +01:00
Gideon Caranzo
39bf08e1b9
KEYCLOAK-8783 also checked admin roles when realm admin client is specified
2018-11-15 14:23:18 +01:00
Gideon Caranzo
9f88abb022
KEYCLOAK-8783 only checked master and realm admin roles when roles are specified in imported realm
2018-11-15 14:23:18 +01:00
Thomas Darimont
cf57a1bc4b
KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
...
Previously remember-me sessions were tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.
SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will typically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.
Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
Pedro Igor
f5ae76d8e3
[KEYCLOAK-8768] - Policy evaluation tool failing when client is used and identity.getId is called
2018-11-14 19:16:41 -02:00
Hynek Mlnarik
c3778e66db
KEYCLOAK-8260 Improve SAML conditions handling
2018-11-14 20:09:22 +01:00
Martin Kanis
6a23eb19f5
KEYCLOAK-8166
2018-11-14 20:09:22 +01:00
Martin Kanis
72b23c1357
KEYCLOAK-8160
2018-11-14 20:09:22 +01:00
Martin Kanis
0cb6053699
KEYCLOAK-8125
2018-11-14 20:09:22 +01:00
vramik
6564cebc0f
KEYCLOAK-7707
2018-11-14 20:09:22 +01:00
Bruno Oliveira da Silva
a957e118e6
Redirect URLs are not normalized
2018-11-14 20:09:22 +01:00
mposolda
0897d969b1
KEYCLOAK-7340
2018-11-14 20:09:22 +01:00
mposolda
1b5a83c4f1
KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication
2018-11-14 20:09:22 +01:00
Pedro Igor
cd96d6cc35
[KEYCLOAK-8694] - Mark Drools policy as tech preview
2018-11-09 11:08:49 -02:00
Pedro Igor
bce2aee144
[KEYCLOAK-8646] - Error deleting policies when admin events are enabled
2018-11-06 11:27:32 -02:00
rmartinc
cbe59f03b7
KEYCLOAK-8708: Provide aggregation of group attributes for mappers
2018-11-06 13:42:38 +01:00
Torbjørn Skyberg Knutsen
36b0d8b80e
KEYCLOAK-7166 Added the possibility of not logging out of remote idp on browser logout, by passing a query param containing the id of the identity provider
2018-11-06 13:39:19 +01:00
Pedro Igor
327991bd73
[KEYCLOAK-8716] - Issue with caching resolved roles in KeycloakSession
2018-11-06 10:27:04 -02:00
mposolda
ffcd8e09e7
KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role
2018-10-31 18:04:41 +01:00
mposolda
cfeb56e18a
KEYCLOAK-8641 Remove aud from the authorization tickets
2018-10-31 13:31:26 +01:00
mposolda
9652748ba9
KEYCLOAK-8484 Remove audience client scope template
2018-10-31 11:11:02 +01:00
Pedro Igor
f6943296c7
[KEYCLOAK-8489] - RPT request: Authorized Party's protocol mappers are being applied instead of the Audience's ones
2018-10-26 09:40:32 -03:00
Graser Leon
9ef4c7fffd
KEYCLOAK-8377 Role Attributes
2018-10-24 22:04:28 +02:00
Pedro Igor
2af9d002b6
[KEYCLOAK-8172] - Evaluation not considering scopes inherited from parent resources
2018-10-24 12:50:27 -03:00
Pedro Igor
a2b13715ed
[KEYCLOAK-8625] - Saving client settings will cause always adding default authorization settings
2018-10-24 10:18:04 -03:00
mposolda
c36b577566
KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken
2018-10-23 13:52:09 +02:00
Gideon Caranzo
7d85ce93bb
KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap
2018-10-19 09:53:58 +02:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
MICHEL Arnault (UA 2118)
ab8789739f
[KEYCLOAK-8580] Add Nginx certificate lookup provider
2018-10-16 07:53:18 +02:00
stianst
5f0424fb11
KEYCLOAK-8310 Change scheme option to alwaysHttps option
2018-10-15 14:00:00 +02:00
Stefan Guilhen
68a54abb09
KEYCLOAK-6757 Update MicrosoftIdentityProvider to use the Microsoft Graph endpoints
2018-10-15 12:46:15 +02:00
stianst
11374a2707
KEYCLOAK-8556 Improvements to profile
2018-10-12 12:26:37 +02:00
Gideon Caranzo
0e8d79bbfb
KEYCLOAK-8554 checked if master realm exist instead of number of realms for new installation check
2018-10-12 09:43:41 +02:00
stianst
aaa33ad883
KEYCLOAK-8509 Improvements to session iframe
2018-10-10 21:01:05 +02:00
rmartinc
0a6f43c1a1
KEYCLOAK-8490: Direct grants returns invalid credentials when user has pending actions
2018-10-10 20:18:20 +02:00
Toni Ristola
22d64368a6
KEYCLOAK-8191 Fixed DI that was not working
2018-10-09 08:22:43 -03:00
Pedro Igor
79ca722b49
[KEYCLOAK-7605] - Make sure Evaluation API is read-only
2018-10-09 08:09:29 -03:00
Moritz Becker
f17b5f0f49
fix KEYCLOAK-7572 consistently perform duplicate user checks during account update only if email changes
...
Fix test
2018-10-05 09:35:05 +02:00
stianst
86a2f28561
KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider
2018-10-05 09:34:17 +02:00
gbtec-igormartens
c41bcddd8d
Update UserResource.java
...
In my opinion, the old documentation does not match the actual behaviour of the resetPassword method.
2018-10-04 12:54:49 +02:00
mposolda
2a4cee6044
KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers
2018-10-04 12:00:38 +02:00
Stan Silvert
dba513c921
KEYCLOAK-8419: Make most act mgt APIs only active in preview mode
2018-10-02 16:32:56 -04:00
Pedro Igor
b4b3527df7
[KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups
2018-10-02 15:44:23 -03:00
mposolda
4b9b189016
KEYCLOAK-8008 Ensure InputStream are closed
2018-10-01 16:06:32 +02:00
Martin Kanis
efe6a38648
KEYCLOAK-6718 Auth Flow does not Check Client Protocol
2018-09-26 21:00:02 +02:00
Pedro Igor
43f5983613
[KEYCLOAK-8289] - Remove authorization services from product preview profile
2018-09-26 18:27:27 +02:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
Douglas Palmer
b748e269ec
[KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion
2018-09-20 15:57:58 +02:00
Pedro Igor
6b0bc0b3be
[KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document
2018-09-19 09:46:50 -03:00
Rafael Weingärtner
3dd6f9cb85
Enable "DockerComposeYamlInstallationProviderTest" to run on Windows
2018-09-19 11:22:57 +02:00
Pedro Igor
aaf78297c9
[KEYCLOAK-7987] - Can't set authorization enabled when using kcreg
2018-09-18 10:00:16 -03:00
mposolda
99a16dcc1f
KEYCLOAK-6638 Support for adding audiences to tokens
2018-09-13 21:40:16 +02:00
slominskir
c4a651bcac
KEYCLOAK-7270 - Support for automatically linking brokered identities
2018-09-12 18:50:35 +02:00
Johannes Knutsen
d4a5c81034
KEYCLOAK-8146: Extract LocaleSelectorSPI to allow custom overrides of locale selection
2018-09-11 20:35:48 +02:00
stianst
26f257a6ac
KEYCLOAK-8264 Update OpenShift Token Review endpoint to support additional algorithms and to update session last refresh on token introspection
2018-09-11 19:57:38 +02:00
stianst
12f3d2115d
KEYCLOAK-8263 Add option to client to override access token timeout
2018-09-11 12:40:51 +02:00
stianst
24e60747b6
KEYCLOAK-7560 Refactor token signature SPI PR
...
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c
KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI
2018-09-11 08:14:10 +02:00
Pedro Igor
0561d73ae2
[KEYCLOAK-6285] - HTTP Challenge Authentication Flow
2018-09-10 19:02:49 +02:00
stianst
bf758809ba
KEYCLOAK-6229 OpenShift Token Review interface
2018-09-07 08:21:28 +02:00
stianst
c56e171f3a
KEYCLOAK-7608 Check if themes dir is null in FolderThemeProvider
2018-09-06 08:52:17 +02:00
Hynek Mlnarik
812e76c39b
KEYCLOAK-8163 Improve SAML validations
2018-09-05 15:47:03 +02:00
Pedro Igor
47066e1b89
[KEYCLOAK-8012] - Fix offline session support in authorization services
2018-09-04 15:07:49 -03:00
Pedro Igor
6a0a1031a1
[KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider
2018-09-04 11:41:09 -03:00
June Zhang
237318dfd3
KEYCLOAK-7751 Auth welcome page
2018-09-04 07:55:08 +02:00
Hynek Mlnarik
54b5ec206e
KEYCLOAK-8183 Improve authz caching for negative cases
2018-08-31 18:31:55 +02:00
Hynek Mlnarik
bee3894cdf
KEYCLOAK-8150 Improve loading user list
2018-08-30 13:03:49 +02:00
mposolda
b70468341e
KEYCLOAK-7470 Ability to order client scopes
2018-08-29 14:37:27 +02:00
Jani
42553cdc44
[KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
...
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.
This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
AlistairDoswald
36837ae4b6
Added a ScriptMapper for SAML for KEYCLOAK-5520
...
Added mapper, tests and entry in the ProtocolMapper file.
This code is adapted from the following module: https://github.com/cloudtrust/keycloak-client-mappers
2018-08-29 09:39:30 +02:00
mposolda
31270e2f52
KEYCLOAK-7437 Support for prompt=consent
2018-08-29 08:35:29 +02:00
Johannes Knutsen
56c97407d4
KEYCLOAK-8152: Allow passing the current locale to OAuth2 identity providers
2018-08-28 15:52:23 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Martin Kanis
59082e0b5f
KEYCLOAK-7943 NPE when SAML User Property mapper is empty
2018-08-24 14:39:24 +02:00
Pedro Igor
9882341ecf
[KEYCLOAK-7725] - CORS should be set based on client making the request
2018-08-24 09:35:38 -03:00
Martin Kanis
248654a75e
KEYCLOAK-6706 E-mail verification won't let user back into the app
2018-08-21 16:30:15 +02:00
rmartinc
1b88eaf817
KEYCLOAK-8080 Audit the realm event configuration change
2018-08-20 21:01:38 +02:00
Corentin Dupont
b80701589c
[KEYCLOAK-7804] - Option to return resource body
2018-08-20 13:07:29 -03:00
Martin Kanis
d04791243c
KEYCLOAK-7970-KEYCLOAK-7222 Add clientId to action tokens
2018-08-20 15:25:24 +02:00
Pedro Igor
625f613128
[KEYCLOAK-4902] - Using streams to process requested permissions and limit support for scope responses
2018-08-17 11:00:53 -03:00
stianst
e406e8f1f0
KEYCLOAK-8069 Simplify config for fixed hostname provider
2018-08-17 14:47:14 +02:00
Hiroyuki Wada
730377a843
KEYCLOAK-7528 Set Cache-Control and Pragma header in token endpoint
2018-08-14 11:41:12 +02:00
Stefan Guilhen
f36e45cb10
[KEYCLOAK-4902] - Using streams to process scopes and cache improvements
2018-08-14 06:29:10 -03:00
Steffen Kreutz
ed72097862
KEYCLOAK-5289 Add support for Google's hd parameter
2018-08-14 11:08:57 +02:00
Stefan Guilhen
1912a8acf4
[KEYCLOAK-7885] Fix javadoc/log message typos
2018-08-13 22:09:17 -03:00
Sebastian Laskawiec
3449401ae2
KEYCLOAK-7635: Subject DN validation for x509ClientAuthenticator
2018-08-13 09:36:02 +02:00
sebastienblanc
02b2a8aab0
KEYCLOAK-7635 : Authenticate clients with x509 certificate
2018-08-13 09:36:02 +02:00
Stefan Guilhen
060b3b8d0f
[KEYCLOAK-4902] - Using streams when fetching resources
2018-08-09 16:28:31 -03:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
Richard Kolkovich
72750b9882
KEYCLOAK-7954 treat empty string as null for skipping token verification
2018-08-07 11:13:15 +02:00
ssilvert@win.redhat.com
e7e15652cf
KEYCLOAK-7479: Sanitize
2018-08-01 14:22:39 -04:00
Hynek Mlnarik
f57cc3a9c0
KEYCLOAK-5257 Clarify usage of TokenVerifier
2018-08-01 13:38:31 +02:00
mposolda
29da7d3d90
KEYCLOAK-7562 Fix ClientInitiatedAccountLinkTest#testErrorConditions
2018-08-01 13:33:23 +02:00
stianst
f99299ee39
KEYCLOAK-7967 Introduce Hostname SPI
2018-08-01 11:57:45 +02:00
stianst
ae47b7fa80
KEYCLOAK-7967 Remove injection of UriInfo
2018-08-01 11:57:45 +02:00
Takashi Norimatsu
665bcaebbb
KEYCLOAK-7959 OAuth 2.0 Certificate Bound Access Tokens in Rev Proxy
2018-07-31 21:53:46 +02:00
Hiroyuki Wada
398f7d950f
KEYCLOAK-7910 Store credentials when updating user via Admin REST API
2018-07-31 15:36:21 +02:00
Takashi Mogi
959e7b1b01
KEYCLOAK-7201 OIDC Identity Brokering with Client parameter forward
...
Forward "custom" (non-standard) query parameters to external IDP
2018-07-31 10:18:29 +02:00
ssilvert@win.redhat.com
6c593bab5a
Check credential confirmation on server side.
2018-07-30 13:15:02 -04:00
Hynek Mlnarik
f43519a16e
KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat
2018-07-27 11:10:35 +02:00
fisache
771d7f1724
[KEYCLOAK-7872] Fix. Remove Identity Provider Mapper when remove identity provider
2018-07-26 08:45:26 +02:00
ssilvert@win.redhat.com
0844aa8d68
KEYCLOAK-7857: Fix notifications
2018-07-25 08:59:25 -04:00
ssilvert@win.redhat.com
d73c4288ae
KEYCLOAK-7294: Password page - Angular
2018-07-25 08:59:25 -04:00
vramik
524ab44160
KEYCLOAK-6866 Error 404 after changing locale while authenticating using X.509
2018-07-24 17:24:32 +02:00
Daniil Filippov
af72c1374a
KEYCLOAK-7823 Fix HTTP status returned during SPNEGO auth
2018-07-24 10:38:42 +02:00
Hiroyuki Wada
7c0ca9aad2
KEYCLOAK-6313 Add required action's priority for customizing the execution order
2018-07-23 22:21:04 +02:00
Hynek Mlnarik
b43392bac8
KEYCLOAK-6577 KEYCLOAK-5609 Support dot in claim names by escaping with backslash
2018-07-23 14:46:25 +02:00
Pedro Igor
acc5f5c6d1
[KEYCLOAK-7864] - Authorization claim not set in refresh token when issuing a new refresh token
2018-07-19 09:56:59 -03:00
Pedro Igor
8b6979ac18
[KEYCLOAK-7849] - Improvements to RPT upgrade
2018-07-18 16:40:55 -03:00
Martin Kanis
34407957b9
KEYCLOAK-6314 Internal server error after T&C rejection
2018-07-18 15:05:22 +02:00
ssilvert@win.redhat.com
3e158c0321
KEYCLOAK-7846: Turn off disallowed features
2018-07-17 12:44:06 -04:00
Pedro Igor
90bfa2bff5
[KEYCLOAK-7781] - More validations to authorization requests
2018-07-13 09:18:05 -03:00
stianst
f022bc1269
[KEYCLOAK-5629] Add credential endpoints to account service
2018-07-12 13:00:25 -04:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
mposolda
8c66f520af
KEYCLOAK-7745 JTA error if offline sessions can't be preloaded at startup within 5 minutes
2018-07-04 10:22:13 +02:00
Pedro Igor
dafd567e68
[KEYCLOAK-7763] - NPE when enabling authorization to security-admin-console
2018-07-03 13:18:53 -03:00
ssilvert@win.redhat.com
d55ccf5312
KEYCLOAK-7015: Not allowing two users to have empty string emails addrs.
2018-07-03 11:04:36 -04:00
Pedro Igor
871be4ad87
[KEYCLOAK-7764] - Error when processing resource-less permissions
2018-07-03 10:35:11 -03:00
vramik
742a280f5d
KEYCLOAK-5556 support for POST for AuthorizationEndpoint
2018-07-03 10:38:10 +02:00
wyvie
1450a7fad4
[KEYCLOAK-7569] support for authentication flow update
...
Added support for the PUT method of the authentication flow endpoint in
the admin API.
Now it's possible to run the 'update' method for authentication/flows in
kcadm.sh.
2018-07-03 10:31:23 +02:00
stianst
3c5027de3c
KEYCLOAK-7701 Refactor key providers to support additional algorithms
2018-06-29 14:14:25 +02:00
Johannes Knutsen
fc3ca33033
Set hardcoded user session attribute after IDP first login flow
2018-06-26 10:31:55 +02:00
Takashi Norimatsu
2fb022e501
KEYCLOAK-7688 Offline Session Max for Offline Token
2018-06-26 08:25:06 +02:00
vramik
b478472b35
KEYCLOAK-7478 Add key query param to change locale url
2018-06-26 08:19:25 +02:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
Hiroyuki Wada
c2012a595b
KEYCLOAK-7650 Don't display disabled identity providers
2018-06-19 08:55:24 -04:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support ( #5076 )
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurrences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
...
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Ola Bergefall
c8c76cc03f
KEYCLOAK-7316: Default back to false if isPassive is missing in request.
2018-06-07 08:50:32 +02:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Hynek Mlnarik
7ff18ca14b
KEYCLOAK-7331 Fix NPE when SAML Issuer not set in AuthnRequest
2018-06-06 16:21:18 +02:00
Takashi Norimatsu
c586c63533
KEYCLOAK-6771 Holder of Key mechanism
...
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
...
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Jared Blashka
65c39763eb
KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter
2018-05-31 08:53:11 +02:00
Martin Kanis
f429469fc8
KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )
2018-05-31 08:44:34 +02:00
Takashi Norimatsu
eb97151476
KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
2018-05-28 22:15:43 +02:00
Pedro Igor
2b6597e9f1
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-05-25 16:18:15 -03:00
Pedro Igor
e5d997a6c0
Merge pull request #5203 from martel-innovate/separate-ticket-permission-and-uma-permission-API
...
[KEYCLOAK-7354] - Split ticket management and permission endpoint
2018-05-17 15:22:55 -03:00
Federico M. Facca
76076cdb3c
[KEYCLOAK-7354] split ticket management and permission endpoint
...
see (https://issues.jboss.org/browse/KEYCLOAK-7354 )
* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
2018-05-16 15:10:39 +02:00
Timo Knapp
487539542a
KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService ( #5196 )
...
* KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService
2018-05-15 14:57:33 -03:00
Federico M. Facca
5cbe595fe3
This commit implements feature KEYCLOAK-7337
...
* return requester
when returnNames=true
* return requesterName
* return owernName
2018-05-11 21:08:16 +02:00
Pedro Igor
e84acd9898
Merge pull request #5177 from pedroigor/KEYCLOAK-7206
...
[KEYCLOAK-7206] - Search by user id on admin console
2018-05-04 09:11:49 -03:00
Martin Kanis
9505925363
Revert "KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )" ( #5183 )
...
This reverts commit a67da7bc59.
2018-05-02 09:31:42 +02:00
pedroigor
ddceaaf3d5
[KEYCLOAK-7206] - Search by user id on admin console
2018-04-30 11:44:33 -03:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903
...
[KEYCLOAK-4903] - Pushed Claims
2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns ( #5170 )
...
* KEYCLOAK-7196: Add kc_locale to keycloak.js
* KEYCLOAK-7123: Localization dropdowns
* Update keycloak-service to latest keycloak.js
2018-04-25 15:04:12 -04:00
pedroigor
035ebc881a
[KEYCLOAK-4903] - Claim Information point Provider SPI and configuration
2018-04-25 10:16:41 -03:00
pedroigor
e813fcd9c8
[KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket
2018-04-24 19:47:28 -03:00
mposolda
634e7170e3
KEYCLOAK-7158 RestartLoginCookie throws error when KC_RESTART cookie created by Keycloak 1.9
2018-04-23 21:56:13 +02:00
Martin Kanis
7efa45126c
KEYCLOAK-6991 NPE when importing realm from file
2018-04-19 14:26:50 +02:00
Oskars
3bef6d5066
KEYCLOAK-4538 Configurable clock skew when validating tokens ( #5014 )
...
* [master]: fix type for checkLoginIframeInterval
* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens
* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew
* [master]: KEYCLOAK-4538 Reverted wildcard imports
* [master]: fix unit test to use longer intervals to make test less fragile.
2018-04-16 11:09:25 +02:00
Vlastimil Eliáš
c1311e4619
KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint ( #5125 )
...
* KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn
OAuth2 endpoint
* KEYCLOAK-6849 - LinkedIn social login provider test updated
* KEYCLOAK-6849 - LinkedIn social login provider test updated to
conditionally handle consent page when shown only
* Simplify the LinkedIn app authorization
This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.
2018-04-13 08:09:27 +02:00
Stan Silvert
095fec95e5
KEYCLOAK-7022 Fix l10n on Welcome page ( #5143 )
2018-04-11 12:05:07 -04:00
Hugo Guerrero
fac3118b0a
KEYCLOAK-6448 - implement instagram social broker ( #4963 )
...
* KEYCLOAK-6448 - implement instagram social broker
* Instagram SocialLogin Tests
2018-04-09 17:30:27 +02:00
Martin Kanis
a67da7bc59
KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )
2018-04-06 09:26:29 +02:00
Bill Burke
ffd9d957f4
Merge pull request #5123 from patriot1burke/kcadm-token
...
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-04 17:22:17 -04:00
Stefan Guilhen
87abe5e648
[KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies
2018-04-04 14:37:03 -03:00
Stan Silvert
701c318b60
KEYCLOAK-7047: Fix RegistrationEmailAsUsername and EditUserNameAllowed ( #5122 )
...
on personal info page.
2018-04-04 09:31:38 -04:00
Bill Burke
8a5428808e
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-03 21:29:31 -04:00
Bill Burke
4078e84fb6
server driven success page
2018-03-31 10:16:44 -04:00
Bill Burke
f4a5e49b63
initial
2018-03-29 17:14:36 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
...
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
Bill Burke
8d3dc790df
Merge pull request #5087 from patriot1burke/kcinit
...
KEYCLOAK-6813
2018-03-28 17:35:33 -04:00
Bill Burke
f5bacb79c1
review changes
2018-03-28 16:45:52 -04:00
pedroigor
4a425c2674
[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config
2018-03-28 09:23:59 -03:00
Bill Burke
c38b6d585e
KEYCLOAK-528 ( #5103 )
2018-03-28 11:15:37 +02:00
Bill Burke
ad5f3fefc5
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-27 16:38:35 -04:00
Stan Silvert
80feb67fc2
KEYCLOAK-6494: Address load time of new acct mgt console ( #5100 )
...
* Optimize loading. min bundles, stop double-loading, rxjs-system instead of
plain rxjs, clean up 404's
* Create module loading hierarchy. Allows for lazy loading.
* Upgrade NG, remove jquery, load keycloak.js only from auth/js
* Delay systemjs loading. Load home page instead of account.
* KEYCLOAK-6496: Cleanup and polish code after optimizations.
* Fix message bundle to be back the way it was.
* Remove unused png's. Remove comments in index.ftl. Remove javaMessages.
2018-03-27 12:42:13 -04:00
pedroigor
e9e376419d
[KEYCLOAK-4102] - Removing create-resources configuration option
2018-03-27 09:51:13 -03:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
...
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
wyvie
d40e9bd3c1
[KEYCLOAK-6814] check if HMAC exists during session restart
2018-03-26 10:05:39 +02:00
Bill Burke
f000cedcbb
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-20 16:49:43 -04:00
Jérôme Blanchard
f11c24e359
[KEYCLOAK-6147] Include Nonce in OIDC authentication
2018-03-20 10:51:44 +01:00
Bill Burke
8926837a3e
tests
2018-03-19 16:47:13 -04:00
Áron Bustya
82ba2b1b0d
remove changes from standard OIDC client registration, move constants
2018-03-19 19:31:22 +01:00
Áron Bustya
57f57f5c75
set request object mandatory for client, restrict delivery mode
...
handle new attribute in client representation
add to UI
2018-03-19 19:31:22 +01:00
pedroigor
08896ee9c9
[KEYCLOAK-6529] - Resource Attributes
2018-03-19 13:21:39 -03:00
Bill Burke
4bba11cd94
kcinit
2018-03-16 12:11:57 -04:00
Douglas Palmer
fed1b62c5d
[KEYCLOAK-6301] Remove service account when it is disabled from the client
2018-03-14 15:09:42 +01:00
Takashi Norimatsu
5b1e65c23e
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state
...
hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Takashi Norimatsu
e72756d01a
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
...
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
pedroigor
0a4fd79b22
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-09 10:56:35 -03:00
Martin Hardselius
8549bd70b7
Add pairwise sub support to authorization services
...
Identity token verification will now fetch the user from the session
state instead of relying on the sub provided in the token. Also done in
KeycloakIdentity.
Resolves: KEYCLOAK-6659
2018-03-02 13:08:27 +01:00
pedroigor
1e1de85685
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6
[KEYCLOAK-6621] - Fixing cache and queries of policies with type scope
2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2
[KEYCLOAK-3169] - UMA 2.0 ( #4368 )
...
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f
[KEYCLOAK-6585] hybrid flow: removed token_type and expires_in parameters from oidc auth response
2018-02-27 15:31:12 +01:00
vmuzikar
a2cc7bd4b9
KEYCLOAK-6709 Fix OpenShift IdP doesn't fetch user's full name
2018-02-27 12:28:42 +01:00
wyvie
52acd959e0
[KEYCLOAK-6584] removed not-before-policy parameter from authorization response
2018-02-26 17:41:18 +01:00
Josh Cain
24132c8f5b
Return location for execution and flow creation in admin interface. Also allow for retrieval of execution by ID
2018-02-26 17:00:17 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
Stian Thorgersen
9ef1f1b73c
KEYCLOAK-3482
2018-02-22 09:42:45 -03:00
Erlend Hamnaberg
208ecbc3f7
KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing
2018-02-21 19:44:22 +01:00
mposolda
fc463ae50b
KEYCLOAK-6617 Offline token logout did not invalidate user session
2018-02-19 08:49:05 +01:00
cgol
86a8addf49
KEYCLOAK-6615 Remove offline session from database on offline token logout
...
remove offline token from database on offline session logout
2018-02-19 08:49:05 +01:00
stianst
9b63cd35f0
KEYCLOAK-6431
2018-02-13 19:38:46 +01:00
Hynek Mlnarik
84ea3f8cb1
KEYCLOAK-4315 Remove some dead/duplicate classes
2018-02-13 15:41:36 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
...
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
87ee15a081
fix
2018-02-12 16:52:55 -05:00
Bill Burke
d6788a0839
finish
2018-02-10 13:38:39 -05:00
stianst
505cf5b251
KEYCLOAK-6519 Theme resource provider
2018-02-09 08:28:59 +01:00
Bill Burke
5ea4ef9e55
change code query params to session_code
2018-02-08 17:37:27 -05:00
Douglas Palmer
e8de4655ac
KEYCLOAK-6344 Use POST instead of GET for LDAP connection tests
2018-02-08 21:18:03 +01:00
Jochen Preusche
8325151e16
Extract findLocale to LocaleNegotiator, add tests
...
* Improve Testability of Locale Negotiation
* Add test for Locale Negotiation
* Fix Locale Negotiation for omitted Country Code
2018-02-06 09:50:04 +01:00
Serhii Shymkiv
c2fe500eb8
[KEYCLOAK-4721] Consider Session Language of Realm Also In ReCaptcha
2018-02-02 13:57:03 +01:00
vramik
019c3c9ef9
KEYCLOAK-6146 realm import fails when password policy is specified
2018-02-02 08:30:06 +01:00
Thomas Darimont
77334af34e
KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation
...
We now explicitly check for syntax errors
during validation of ScriptBasedOIDCProtocolMappers.
2018-02-02 08:28:27 +01:00
Bill Burke
8f09efab9d
Merge pull request #4949 from patriot1burke/client-storage-spi
...
KEYCLOAK-6228
2018-02-01 08:59:02 -05:00
Bill Burke
126dd70efc
client stat improvement
2018-01-31 13:05:13 -05:00
Bill Burke
a571781240
hynek db changes
2018-01-30 17:00:55 -05:00
Vlastimil Elias
a5f675d693
KEYCLOAK-4937 - convert time units in emails into human-friendly format
2018-01-30 06:38:57 +01:00
Bill Burke
1d8e38f0c6
admin console
2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6
done 1st iteration
2018-01-27 09:47:16 -05:00
Takashi Norimatsu
502627f590
KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret
2018-01-26 10:59:40 +01:00
gregoirew
13261b52db
Use the github /user/emails api endpoint if the github user did not set any public email.
...
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit looks for email on the /user/emails endpoint, selecting the primary email.
2018-01-25 20:56:24 +01:00
Bill Burke
ddad1cb8af
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e
initial work
2018-01-25 10:08:26 -05:00
Bill Burke
7c66f76858
Merge pull request #4932 from patriot1burke/per-client-flow
...
KEYCLOAK-6335
2018-01-25 09:55:11 -05:00
Thomas Darimont
3d12bf7d14
KEYCLOAK-4743 Revise proxy support for HttpClient SPI
...
Polishing & more tests.
2018-01-25 09:31:32 +01:00
Thomas Darimont
851d0192ad
KEYCLOAK-4743 Add proxy support to HttpClient SPI
...
We now provide a configurable way for dynamic proxy route selection
for the default HttpClient based on regex based targetHostname patterns.
Introduced `ProxyMapping` to describe a regex based mapping
between target hosts and the proxy URL to use.
A `ProxyMapping` can be built from an ordered list of string based
mapping representations, e.g:
```
^.*.(google.com|googleapis.com)$;http://localhost:8080
```
If the targetHost does not match a configured proxy mapping,
no proxy is used.
This can be configured via standalone.xml / jboss-cli, e.g.:
```
echo SETUP: Configure proxy routes for HttpClient SPI
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["^.*.(google.com|googleapis.com)$;http://www-proxy1:8080","^.*.facebook.com$;http://www-proxy2:8080"])
```
The new `ProxyMappingWareRoutePlanner` uses a configured `ProxyMapping`
to decide which proxy to use for a given request based on the target host
denoted by the HTTP request to execute.
I verified this manually with the BurpProxy Suite.
2018-01-25 09:31:32 +01:00
mposolda
6369c26671
KEYCLOAK-6286 Adding 'Exclude Session State From Authentication Response' switch to fix backwards compatibility with Keycloak 2.X adapters
2018-01-24 11:35:13 +01:00
Bill Burke
7b2e72d395
Merge remote-tracking branch 'upstream/master' into per-client-flow
2018-01-23 12:10:11 -05:00
Bill Burke
a9297df89c
KEYCLOAK-6335
2018-01-23 12:09:49 -05:00
Hynek Mlnarik
4ba72e2d2d
KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario
2018-01-23 09:34:11 +01:00
stianst
f762173eb0
KEYCLOAK-3370 Add option to override theme in client template and client
2018-01-18 09:14:13 +01:00
stianst
35ada9d636
KEYCLOAK-6289 Add ThemeSelectorSPI
2018-01-18 09:14:13 +01:00
Thomas Darimont
bae4d4c673
KEYCLOAK-5791 Allow multi-valued ScriptBasedOIDCProtocolMapper
...
We now support multi-valued attribute values for the
`ScriptBasedOIDCProtocolMapper`.
Previously the `ScriptBasedOIDCProtocolMapper` only supported
single valued output. If a script returned a list of
output values then only the first value was emitted to the token.
By default multi-valued is set to `false` / `off`.
2018-01-11 08:52:24 +01:00